Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 5th January 2005, 02:53 PM
baldeyuk Offline
Registered User
 
Join Date: Jan 2005
Posts: 2
SSL On Fedora Core 3

Hi all
Im not sure whether this should be in software or here but here goes.

I have Fedora 3 installed kernel 2.6.9-1.724_FC3 as well as httpd-2.0.52-3.1, mod_ssl-2.0.52-3.1 and openssl-0.9.7a-40. I am trying to generate a self signed ssl certificate for testing my machine. I follow the folling steps to create my own key:

to delete the dummy keys that are default with FC3
rm -f /etc/httpd.conf/ssl.crt/server.crt /etc/httpd.conf/ssl.key/server.key

then create a new key
cd /usr/share/ssl/certs/
make genkey

now to create the cert

cd /usr/share/ssl/certs/
make testcert

now when i go to start my httpd service i get this error:

service httpd start

Starting httpd: Apache/2.0.52 mod_ssl/2.0.52 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server server.domain.co.uk:443 (RSA)
Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
**Stopped
[FAILED]

This would suggest that the server.key file isnt in /etc/httpd/conf/ssl.key but i have check and it is.
Also /etc/httpd/conf.d/ssl.conf points to this file as well.

The out put of my ssl_errors.log is:
[Wed Jan 05 14:33:45 2005] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

which isnt much help

I have also tried with a test certificate from freessl.com but the same thing happens.

Has anyone run into this before? Any help would be greatly appreciated!!
Reply With Quote
  #2  
Old 5th January 2005, 03:11 PM
tip Offline
Registered User
 
Join Date: Nov 2004
Location: chicagoland
Posts: 15
This might help: http://www.rpatrick.com/tech/makecert/
__________________
yub yub, says the ewok.
Reply With Quote
  #3  
Old 21st January 2005, 03:46 PM
pigpen Offline
Registered User
 
Join Date: Nov 2003
Location: Regensburg, Germany
Age: 43
Posts: 447
You said:
Quote:
then create a new key
cd /usr/share/ssl/certs/
make genkey
This seems to be the problem.
From the Redhat Linux 9.0 Manual:
Quote:
Note that if you do not want to type in a passphrase every time you start your secure server, you will need to use the following two commands instead of make genkey to create the key.

Use the following command to create your key:

/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key

Then use the following command to make sure the permissions are set correctly for the file:

chmod go-rwx /etc/httpd/conf/ssl.key/server.key

After you use the above commands to create your key, you will not need to use a passphrase to start your secure server.
If you're not running a enterprise-grade webserver, you probably do not need a passphrase (I think most of us don't).
Hope this helps! Good luck!

EDIT: I just posted this How-To: http://www.fedoraforum.org/forum/showthread.php?t=32602
__________________
/(bb|[^b]{2})/ -- that is the question!

Last edited by pigpen; 21st January 2005 at 03:56 PM.
Reply With Quote
Reply

Tags
core, fedora, ssl

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Urgent - possible remote exploit on fedora core 3, core 1 and core 4 al3x Security and Privacy 31 26th January 2007 01:31 PM
Fedora Core 5 Re-Spin 20060818 and Fedora Core 5 Live CD Released! RahulSundaram News 73 20th September 2006 11:54 AM
Accidently installed Fedora Core 5 yum config in Fedora Core 4 rbarbaro Installation, Upgrades and Live Media 3 22nd May 2006 04:55 PM
Fedora Core 5 does not recognize previously installed Fedora core 4 howlie Installation, Upgrades and Live Media 0 16th April 2006 01:45 PM


Current GMT-time: 15:48 (Friday, 31-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Kalulushi Photos - Sangla Travel Photos - Al `Ayyat